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CLAIMS 

What is claimed is: 

1 1. A system for accessing multiple different network stations without entry of a 

2 password, comprising: 

3 a first network station representing a network entity and configured to transmit 

4 a request for authentication of a user seeking access, the user having an associated 

5 password, an associated user identifier, and an associated asymmetric crypto-key, 

6 including a first private key portion obtainable with the password, a second private 

7 key portion and a public key portion; 

8 a second network station representing the user, and having the user identifier, 

9 a combination symmetric crypto-key corresponding to a first symmetric crypto-key 

10 and a second symmetric crypto-key, and the obtained first private key portion 

11 encrypted with the first symmetric crypto-key stored thereat, and configured to (i) 

12 transmit the stored user identifier MAC'd with the stored combination symmetric 

13 crypto-key responsive to the transmitted authentication request, and (ii) transmit the 

14 transmitted authentication request encrypted with the stored combination symmetric 

1 5 crypto-key; and 

16 a third network station, representing a sponsor, having the user identifier, the 

17 combination symmetric crypto-key, the first symmetric crypto-key, and the second 

18 private key portion stored thereat, and configured to (i) retrieve the stored 

19 combination symmetric crypto-key by matching the transmitted user identifier with 

20 the stored user identifier, (ii) verify the MAC with the retrieved combination 

21 symmetric crypto-key to verify identity of the user, (iii) decrypt the transmitted 
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22 encrypted authentication request with the retrieved combination symmetric crypto- 

23 key to recover the authentication request, (iv) encrypt the recovered authentication 

24 request with the stored second private key portion and (v) transmit the encrypted 

25 authentication request and the first symmetric crypto-key, both encrypted with the 

26 retrieved combination symmetric crypto-key; 

27 wherein the second network station is further configured to (i) decrypt the 

28 transmitted encrypted authentication request and first symmetric crypto-key, with the 

29 stored combination symmetric crypto-key to recover the encrypted authentication 

30 request and the first symmetric crypto-key, (ii) decrypt the stored encrypted first 

31 private key portion with the recovered first symmetric crypto-key to recover the first 

32 private key portion, (iii) to transmit the recovered encrypted authentication request 

33 further encrypted with the recovered first private key portion; and 

34 wherein the first station is further configured to decrypt the transmitted further 

35 encrypted authentication request with the public key to thereby authenticate the user. 

1 2. A system according to claim 1, wherein the authentication request is a hash 

2 message. 



1 3. A system according to claim 1, wherein the second network station is further 

2 configured to receive the password as a user input and obtain the first private key 

3 portion with the input password, prior to transmission of the authorization request by 

4 the first station. 
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1 4. A system according to claim 1 , wherein the combination symmetric crypto-key 

2 corresponds to the first symmetric crypto-key XOR'd with the second symmetric 

3 crypto-key. 

1 5. A system according to claim 1, wherein the second network station is further 

2 configured to automatically respond to the authentication request without the user 

3 inputting the password. 

1 6. A system according to claim 1, wherein the first symmetric crypto-key is a first 

2 random number having a length of 192 bits and the second symmetric crypto-key is 

3 a second random number, different than the first random number, having a length of 

4 192 bits. 

1 7. A system according to claim 1, wherein the third station has a time value, 

2 representing a time period for authenticating the user, stored thereat, and is further 

3 configured to retrieve the stored time value prior to encrypting the recovered 

4 authentication request and to only encrypt the recovered authentication request if the 

5 present time is within the time period represented by the time value. 

1 8. A system according to claim 1, wherein the second network station is further 

2 configured to generate the first symmetric crypto-key, and transmit the first 

3 symmetric crypto-key encrypted with the obtained first private key portion to the third 

4 network station; 

5 the third station is further configured to decrypt the transmitted encrypted first 

6 symmetric crypto-key with the second private key portion to recover the first 
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7 symmetric crypto-key and thereby authenticate the user, to store the decrypted first 

8 symmetric crypto-key, to generate the second symmetric crypto-key, to combine the 

9 first and the second symmetric crypto-key to form the combination symmetric crypto- 

10 key, to store the combination symmetric crypto-key, to transmit the second 

11 symmetric crypto-key encrypted with the first symmetric crypto-key to the second 

12 network station, and to destroy the second symmetric crypto-key; and 

13 the second network station is further configured to decrypt the transmitted 

14 encrypted second symmetric crypto-key with the first symmetric crypto-key to 

15 recover the second symmetric crypto-key and thereby authenticate the sponsor, to 

16 combine the recovered second symmetric crypto-key with the first symmetric crypto- 

17 key to form the combination symmetric crypto-key, to store the combination 

18 symmetric crypto-key, to encrypt the first private key portion with the first symmetric 

19 crypto-key, to store the encrypted first private key portion, and to destroy the first 

20 symmetric crypto-key and the unencrypted first private key portion. 



1 9. A system for accessing multiple different network stations, comprising: 

2 a first station representing a user having a password, an identifier, and an 

3 asymmetric crypto-key, including a first private key portion, a second private key 

4 portion and a public key portion, and configured to transmit a log-in request including 

5 the user identifier; and 

6 a second station representing a sponsor and configured to transmit a 

7 challenge responsive to the transmitted log-in request; 

8 wherein the first station is further configured (i) to process the user password 

9 to obtain the first private key portion, (ii) to encrypt a first symmetric crypto-key and 
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10 the transmitted challenge with the obtained first private key portion to form a first 

1 1 encrypted message, and (iii) to transmit the first encrypted message; 

12 wherein the second station is further configured (i) to decrypt the transmitted 

13 first encrypted message with the second private key portion to recover the challenge 

14 and the first symmetric crypto-key, thereby authenticating the user, (ii) to combine 

15 the recovered first symmetric crypto-key with a second symmetric crypto-key to form 

16 a combined symmetric crypto-key, (iii) to store the combined symmetric crypto-key, 

17 (iv) to encrypt the second symmetric crypto-key and a time value with the first 

18 symmetric crypto-key to form a second encrypted message, and (v) to transmit the 

19 second encrypted message; 

20 wherein the first station is further configured (i) to decrypt the transmitted 

21 second encrypted message with the first symmetric crypto-key to recover the second 

22 symmetric crypto-key and the time value, thereby authenticating the sponsor, (ii) to 

23 combine the recovered second symmetric crypto-key with the first symmetric crypto- 

24 key to form the combined symmetric crypto-key, (iii) to encrypt the first private key 

25 portion with the first symmetric crypto-key, (iv) to destroy the first symmetric crypto- 

26 key and the obtained first private key portion, (v) to encrypt a request for user 

27 authentication from another network entity with the combined symmetric crypto-key 

28 to form a third encrypted message and (vi) to transmit the user identifier, MAC'd with 

29 the combined symmetric crypto-key, and the third encrypted message; 

30 wherein the second station is further configured (i) to match the transmitted 

31 user identifier with the previously transmitted user identifier to retrieve the combined 

32 symmetric crypto-key, (ii) verify the MAC with the retrieved combined symmetric 

33 crypto-key to verify identity of the user, (iii) to decrypt the third encrypted message 

34 with the combined symmetric crypto-key to recover the request for user 
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35 authentication, (iv) to encrypt the request for user authentication with the second 

36 private key portion to form a fourth encrypted message, (v) to encrypt the first 

37 symmetric crypto-key and the fourth encrypted message with the combined 

38 symmetric crypto-key to form a fifth encrypted message and (vi) to transmit the fifth 

39 encrypted message; 

40 wherein the first network station is further configured (i) to decrypt the 

41 transmitted fifth encrypted message with the combined symmetric crypto-key to 

42 recover the transmitted first symmetric crypto-key and the transmitted fourth 

43 encrypted message, and thereby verify an identity of the sponsor, (ii) to decrypt the 

44 encrypted first private key portion with the recovered first symmetric crypto-key, (iii) 

45 to further encrypt the recovered fourth encrypted message with the decrypted first 

46 private key portion to form an authentication message, (iv) to transmit the 

47 authentication message to the other network entity to authenticate the user. 

1 10. A method for accessing multiple different network stations without entry of a 

2 password associated with a user also having an associated identifier and an 

3 associated asymmetric crypto-key, including a first private key portion obtainable 

4 with the password, a second private key portion and a public key portion, comprising: 

5 receiving a request for authentication of the user; 

6 retrieving from a first memory, without entry of the user password, the user 

7 identifier, a combination symmetric crypto-key corresponding to a first symmetric 

8 crypto-key and a second symmetric crypto-key, and the first private key portion 

9 encrypted with the first symmetric crypto-key; 

10 encrypting the transmitted authentication request with the retrieved 

1 1 combination symmetric crypto-key; 
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12 transmitting the retrieved user identifier MAC'd with the retrieved combination 

13 symmetric crypto-key, and the received authentication request encrypted with the 

14 retrieved combination symmetric crypto-key; 

15 matching the transmitted user identifier with a user identifier stored in a 

16 second memory, different than the first memory, to retrieve the combination 

1 7 symmetric crypto-key from the second memory; 

18 verifying the MAC with the retrieved combination symmetric crypto-key to 

1 9 verify identity of the user; 

20 decrypting the transmitted encrypted authentication request with the 

21 combination symmetric crypto-key to recover the authorization request; 

22 retrieving the second private key portion and the first symmetric crypto-key 

23 from the second memory; 

24 encrypting the recovered authorization request with the retrieved second 

25 private key portion to form an authentication message; 

26 transmitting the authentication message and the retrieved first symmetric 

27 crypto-key, both encrypted with the combination symmetric crypto-key; 

28 decrypting the transmitted encrypted authentication message and first 

29 symmetric crypto-key, with the combination symmetric crypto-key retrieved from the 

30 first memory to recover the authentication message and the first symmetric crypto- 

31 key; 

32 decrypting the retrieved encrypted first private key portion with the recovered 

33 first symmetric crypto-key; 

34 encrypting the recovered authentication message with the decrypted first 

35 private key portion to complete the authentication message; 

36 transmitting the completed authentication message; and 
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36 decrypting the transmitted completed authentication message with the user 

37 public key to thereby authenticate the user. 

1 11. A method according to claim 10, wherein the authentication request is a hash 

2 message. 

1 12. A method according to claim 10, further comprising: 

2 processing the user password to obtain the first private key portion, prior to 

3 receipt of the authentication request. 



1 1 3. A method according to claim 1 0, further comprising: 

2 XOR'ing the first symmetric crypto-key with the second symmetric crypto-key 

3 to generate the combination symmetric crypto-key. 



1 14. A method according to claim 10, wherein the first symmetric crypto-key is a first 

2 random number having a length of 192 bits and the second symmetric crypto-key is 

3 a second random number, different than the first random number, having a length of 

4 192 bits. 
5 

5 15. A method according to claim 10, further comprising: 

6 retrieving a time value, representing a time period for authenticating the user, 

7 from the second memory; and 

8 only encrypting the recovered authentication request if the present time is 

9 within the time period represented by the retrieved time value. 
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1 16. A method according to claim 10, further comprising: 

2 generating the first symmetric crypto-key; 

3 transmitting the first symmetric crypto-key encrypted with the obtained first 

4 private key portion; 

5 decrypting the transmitted encrypted first symmetric crypto-key with the 

6 second private key portion to recover the first symmetric crypto-key and thereby 

7 authenticate the user; 

8 storing the decrypted first symmetric crypto-key in the second memory; 

9 generating the second symmetric crypto-key; 

10 combining the first and the second symmetric crypto-keys to form the 

1 1 combination symmetric crypto-key; 

12 storing the combination symmetric crypto-key in the second memory; 

13 transmitting the second symmetric crypto-key encrypted with the first 

1 4 sym metric crypto-key; 

15 destroying the second symmetric crypto-key; 

16 decrypting the transmitted encrypted second symmetric crypto-key with the 

17 first symmetric crypto-key to recover the second symmetric crypto-key and thereby 

1 8 authenticate the sponsor; 

19 combining the recovered second symmetric crypto-key with the first 

20 symmetric crypto-key to form the combination symmetric crypto-key; 

21 storing the combination symmetric crypto-key in the first memory; 

22 encrypting the first private key portion with the first symmetric crypto-key; 

23 storing the encrypted first private key portion in the first memory; and 

24 destroying the first symmetric crypto-key used to encrypt the first private key 

25 portion and the unencrypted first private key portion. 
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1 17. A method for accessing multiple different network stations by a user having a 

2 user identifier, a user password and an asymmetric crypto-key, including a first 

3 private key portion, a second private key portion and a public key portion; 

4 transmitting a log-in request including the user identifier; 

5 transmitting a challenge of a sponsor responsive to the transmitted log-in 

6 request; 

7 processing the user password to obtain the first private key portion; 

8 encrypting a first symmetric crypto-key and the transmitted challenge with the 

9 obtained first private key portion to form a first encrypted message; 

10 transmitting the first encrypted message; 

11 decrypting the transmitted first encrypted message with the second private 

12 key portion to recover the challenge and the first symmetric crypto-key, and thereby 

1 3 authenticate the user to the sponsor; 

14 combining the recovered first symmetric crypto-key with a second symmetric 

1 5 crypto-key to form a combined symmetric crypto-key; 

16 storing the combined symmetric crypto-key in a first memory; 

17 encrypting the second symmetric crypto-key with the first symmetric crypto- 

18 key to form a second encrypted message; 

19 transmitting the second encrypted message; 

20 decrypting the transmitted second encrypted message with the first symmetric 

21 crypto-key to recover the second symmetric crypto-key, and thereby authenticate the 

22 sponsor to the user; 

23 combining the recovered second symmetric crypto-key with the first 

24 symmetric crypto-key to form the combined symmetric crypto-key; 
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25 storing the combined symmetric crypto-key in a second memory, different 

26 than the first memory; 

27 encrypting the first private key portion with the first symmetric crypto-key; 

28 destroying the first symmetric crypto-key used to encrypt the first private key 

29 portion and the obtained first private key portion; 

30 encrypting a request for authentication of the user with the combined 

31 symmetric crypto-key to form a third encrypted message; 

32 transmitting the user identifier, MAC'd with the combined symmetric crypto- 

33 key, and the third encrypted message; 

34 matching the transmitted user identifier with the previously transmitted user 

35 identifier to retrieve the combined symmetric crypto-key from the second memory; 

36 verifying the transmitted MAC with the retrieved combined symmetric crypto- 

37 key to verify an identity of the user; 

38 decrypting the third encrypted message with the combined symmetric crypto- 

39 key to recover the request for user authentication; 

40 encrypting the request for user authentication with the second private key 

41 portion to form a fourth encrypted message; 

42 encrypting the first symmetric crypto-key and the fourth encrypted message 

43 with the combined symmetric crypto-key stored in the first memory to form a fifth 

44 encrypted message; 

45 transmitting the fifth encrypted message; 

46 decrypting the transmitted fifth encrypted message with the combined 

47 symmetric crypto-key stored in the second memory to recover the transmitted first 

48 symmetric crypto-key and the transmitted fourth encrypted message, and thereby 

49 verify an identity of the sponsor; 



54 



* - Docket No.: 3001-07A-CNT Patent 
File No.: 1160.41369CX7 

50 decrypting the encrypted first private key portion with the recovered first 

51 symmetric crypto-key; 

52 further encrypting the recovered fourth encrypted message with the decrypted 

53 first private key portion to form an authentication message; 

54 transmitting the authentication message to the other network entity to 

55 authenticate the user. 



1 18. A method for accessing multiple different network stations without entry of 

2 a password associated with a user having an associated first symmetric crypto-key, 

3 an associated second symmetric crypto-key and an associated asymmetric crypto- 

4 key, including a first private key portion, a second private key portion and a public 

5 key portion, comprising: 

6 encrypting the first private key portion with the first symmetric crypto-key; 

7 transmitting a request, of a network station, for authentication of the user, 

8 encrypted with the second symmetric crypto-key to a sponsor; 

9 decrypting the transmitted encrypted authentication request with the second 

1 0 symmetric crypto-key to recover the authentication request; 

1 1 encrypting the recovered authentication request with the second private key 

1 2 portion to form an authentication message; 

13 transmitting the authentication message and the first symmetric crypto-key, 

14 both encrypted with the second symmetric crypto-key to the user; 

15 decrypting both the transmitted encrypted authentication message and the 

16 transmitted encrypted first symmetric crypto-key with the second symmetric crypto- 

17 key to recover the authentication message and the first symmetric crypto-key; 
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18 decrypting the first private key portion with the recovered first symmetric 

1 9 crypto-key; 

20 transmitting the authentication message encrypted the recovered first 

21 symmetric crypto-key to the network station; and 

22 decrypting the transmitted encrypted authentication message with the public 

23 key portion to recover the authentication request and thereby authenticate the user 

24 to the network station. 
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